Purple Teaming Okta Detections

Presented at BSides London 2025 by

Identity Security Posture Management (ISPM) is a critical component of any organization's security program, particularly in a highly distributed environment. In this hands-on workshop, we will show attendees how to onboard Okta logs, write detections for key events, and test detections using open source adversary emulation tools. The workshop will be run in an individual lab built with a combination of free and open source tools, and in the process attendees will create a lab for future research. A basic understanding of YAML and writing detections is helpful but not required.